Skip to main content

Run First Investigation

Overview

After setting up your cluster, alerting, and Slack, run your first investigation to see OpsWorker in action.

Options

The fastest way to see an end-to-end investigation:

  1. Go to your cluster settings in the OpsWorker portal
  2. Click Test Integration
  3. A synthetic alert is sent through the complete pipeline
  4. Investigation results appear in both the portal and Slack within 2 minutes

Option 2: Wait for a Real Alert

If your alerting system is connected and alert rules are configured:

  1. The next alert from your monitoring system that matches an alert rule will trigger an investigation automatically
  2. No action needed — just wait for an alert to fire
  3. Results are delivered to Slack and the portal

Option 3: Use AI Chat

Ask a question about your cluster directly:

  1. Open Chat in the OpsWorker portal
  2. Ask a question like:
    • "Are there any pods in CrashLoopBackOff?"
    • "What's the status of namespace production?"
    • "Show me recent events in the cluster"
  3. OpsWorker queries your cluster in real time and responds

What Happens During an Investigation

  1. Alert arrives — OpsWorker receives the alert via webhook
  2. Field extraction — Identifies the affected namespace, pod, and severity
  3. Topology discovery — Maps the affected resource and its dependencies (pod → service → ingress)
  4. Data collection — Gathers logs, events, and configurations from all discovered resources
  5. AI analysis — Analyzes collected data to identify the root cause
  6. Recommendations — Generates specific remediation steps with kubectl commands
  7. Notification — Posts results to Slack and the portal

Viewing Results

In the Portal

Navigate to Investigations to see your completed investigation. The detail page shows:

  • Topology view — Visual map of affected resources and their relationships
  • Collected data — Logs, events, and configurations gathered during investigation
  • AI analysis — Root cause identification with confidence level
  • Recommendations — Immediate actions and preventive measures
  • Conversation log — The AI's decision-making process

In Slack

The Slack notification includes a summary with root cause, affected resources, recommendations, and feedback buttons. Click the investigation link to view full details in the portal.

Providing Feedback

After reviewing the investigation, provide feedback using the Slack buttons or the portal:

  • Accurate — Root cause and recommendations were correct
  • Partially Accurate — Some parts were helpful, others need improvement
  • Needs Improvement — Investigation missed the mark

Your feedback helps improve investigation quality over time.

Next Steps